SharePoint Saturday St. Louis - SPS Events

Download Report

Transcript SharePoint Saturday St. Louis - SPS Events 

SharePoint Security
and Search
Lou Farho, Design Architect
Alexander Open Systems
Thank you SPSKC15 sponsors!
About Me
Lou Farho
[email protected] SharePoint Design Architect
▪ 20+ years in IT
▪ 10+ years working with Portals
▪ 7+ years working with SharePoint
▪ http://www.linkedin.com/in/loufarho/
▪ Wrote my first program in FORTRAN using a card punch machine
▪ Bachelors in Physics (University of Nebraska-Lincoln)
▪ Master in “Computer Science” (University of Nebraska-Omaha)
3
| SharePoint Saturday St. Louis 2014
AOS SharePoint Portal Practice
Microsoft Gold Partner
Top Talent
▪ Portals and
Collaboration
▪ 4 Microsoft SharePoint vTSPs
▪ Communications
▪ 16 Architects and Developers
▪ Messaging
▪ Average of 7 years of
SharePoint Experience
▪ Server Platform
▪ Over 50 migrations from
SharePoint 2007/2010 to 2013
Customers Win
• 99.68% of customer respondents would refer AOS to their peers!
4
| SharePoint Saturday St. Louis 2014
Agenda
▪ Discuss SharePoint Security
▪ Discuss Search
▪ Demo
5
| SharePoint Saturday St. Louis 2014
SharePoint Security
When you start looking at security, chances are good that you start
with the basics: who is allowed to access SharePoint resources, what
resources are they allowed to see, what resources are they allowed
to use, and how are they allowed to use them.
▪ Active Directory Security Groups
▪ SharePoint Groups
▪ Direct Permissions
▪ Permission Levels
6
| SharePoint Saturday St. Louis 2014
Active Directory Security Groups
This is the backbone to provisioning end user access into
you Web Applications, Site Collections and Sub-Sites
▪ This allows easy transitions of user access by
memberships to AD groups.
▪ Copy another users access by looking at their AD
memberships
▪ Can delete a User from the User Information List
without harming their access into the site collection
7
| SharePoint Saturday St. Louis 2014
SharePoint Groups
▪ Use SP Groups to encapsulate the Permission
Levels
– Owners
– Members
– Visitors
– Custom Levels
▪ Add AD Security Groups
▪ Add Users
8
| SharePoint Saturday St. Louis 2014
Direct Permissions
▪ Bad, Very Bad
▪ Hard to determine who has what access
▪ Need to leverage third-party to find out
▪ Better to use a SharePoint Group
9
| SharePoint Saturday St. Louis 2014
Permission Levels
Permissions are rights to do something; to view, create,
delete, or edit something.
User Permissions are broken down into three categories
▪ List Permissions
▪ Site Permissions
▪ Personal Permissions
10
| SharePoint Saturday St. Louis 2014
List Permissions
Permission
Description
Manage Lists
Create and delete lists, add or remove columns in a list, and add or remove public views of a list.
Override List Behaviors
Discard or check in a document that is checked out to another user, and change or override settings that allow users to read/edit
only their own items.
Add Items
Add items to lists, and add documents to document libraries.
Edit Items
Edit items in lists, edit documents in document libraries, and customize Web Part pages in document libraries.
Delete Items
Delete items from a list, and documents from a document library.
View Items
View items in lists, and documents in document libraries.
Approve Items
Approve a minor version of list items or document.
Open Items
View the source of documents with server-side file handlers.
View Versions
View past versions of a list item or document.
Delete Versions
Delete past versions of list items or documents.
Create Alerts
Create alerts.
View Application Pages
View forms, views, and application pages. Enumerate lists.
Site Permissions
Permission
Description
Manage Permissions
Create and change permission levels on the web site and assign permissions to users and groups.
View Usage Data
View reports on website usage.
Create Subsites
Create subsites such as team sites, Meeting Workspace sites, and Document Workspace sites.
Manage Web Site
Grants the ability to perform all administration tasks for the web site, as well as manage content.
Add and Customize Pages
Add, change, or delete HTML pages or Web Part pages, and edit the website.
Apply Themes and Borders
Apply a theme or borders to the whole website.
Apply Style Sheets
Apply a style sheet (.css file) to the website.
Create Groups
Create a group of users that can be used anywhere within the site collection.
Browse Directories
Enumerate files and folders in a website by using SharePoint Designer 2013 and Web DAV interfaces.
Use Self-Service Site Creation
Create a website using Self-Service Site Creation.
View Pages
View pages in a website.
Enumerate Permissions
Enumerate permissions on the website, list, folder, document, or list item.
Browse User Information
View information about users of the website.
Manage Alerts
Manage alerts for all users of the website.
Use Remote Interfaces
Use SOAP, Web DAV, the Client Object Model, or SharePoint Designer 2013 interfaces to access the website.
Use Client Integration Features
Use features that launch client applications. Without this permission, users must work on documents locally and then upload
their changes.
Open
Enables users to open a website, list, or folder to access items inside that container.
Edit Personal User Information
Enables users to change their own user information, such as adding a picture.
Personal Permissions
Permission
Description
Manage Personal Views
Create, change, and delete personal views of lists.
Add/Remove Personal Web Parts
Add or remove personal Web Parts on a Web Part page.
Update Personal Web Parts
Update Web Parts to display personalized information.
Impact on Search
▪ When Permissions change, SharePoint must
recalculate and update the index for the scope
impacted by the security change.
14
| SharePoint Saturday St. Louis 2014
Demo
1.
Search Service Application
2.
Crawl Health Report
3.
Add User
4.
Run an Incremental Crawl
5.
Inspect Report
6.
Modify an AD Security Group
7.
Repeat 4&5
15
| SharePoint Saturday St. Louis 2014
Summary
▪ Impact to incremental crawls using security groups vs
SharePoint Groups
▪ SharePoint Farm Size determines overall impact
▪ There will be other factors that impact the
incremental crawl. Documents!
▪ Governance for Security and use of Security Groups
▪ Security Group Sprawl
16
| SharePoint Saturday St. Louis 2014
Resources
▪ http://technet.microsoft.com/enus/library/cc721640.aspx
▪ http://msdn.microsoft.com/enus/library/dd728295(v=office.12).aspx
▪ https://www.nothingbutsharepoint.com/sites/eusp/pa
ges/active-directory-groups-vs--sharepoint-groupsfor-user-management-a-dilemma.aspx
▪ http://www.sharepointnutsandbolts.com/2010/09/setobject-caching-user-accounts-with.html
17
| SharePoint Saturday St. Louis 2014
Thank you SPSKC15 sponsors!